Full Disclosure: Re: Apple IOS security issue pre-advisory record

Re: Apple IOS security issue pre-advisory record

From: Dave <mrx () propergander org uk>
Date: Fri, 23 Mar 2012 22:34:38 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And I thought curiosity killed only pussy cats.
I don't consider myself a security professional, but playing around with computers since the early 80's has certainly 
taught me that:

i)      Most links in forums.emails.blogs etc. benefit only the poster when clicked upon.
ii)     Paranoia is healthy. If one runs a computer most people ARE out to get you.
iii)    Lots of people are smarter than I.
iv)     If the curiosity is irresistible... use a VM.
v)      Browse unknown sites with scripting/cookies/etc disabled or use wget/lynx or see above.
vi)     Trust no one, Trust nothing.
vii)    At the first sign of compromise format and reinstall from trusted media.

I really shouldn't be trying to teach grannies to suck eggs but...
The last computer virus/compromise that affected a computer I owned, apart from those I purposely infect VM's with was 
the Saddam virus on my Amiga.

Now in my smugness, I expect I will be handed my ass later....

que sera sera

QR tags (matrix barcode)  now there's some fun waiting to happen ;-)

Dave
        
On 23/03/2012 20:41, Gary Baribault wrote:

I find it very unfortunate that 300 supposed security professionals
clicked on a hidden link like that without first checking what it was,
or if not simply ignoring it like I did!!!

Gary Baribault
Courriel: gary () baribault net
GPG Key: 0x685430d1
Signature: 9E4D 1B7C CB9F 9239 11D9 71C3 6C35 C6B7 6854 30D1


On 03/23/2012 12:34 PM, john doe wrote:

he he, good catch :)
Anyway, it doesn't hurt anybody: it's just a vote.
Well, let me explain. I'm a journalist (non IT, mainstream) preparing
an article about different internet communities behaviors. I've posted
similar messages talking about a security issue, pron pics, divx,
software and breaking news in several famous boards accordingly to
analyze the different related communities behaviors.
Each one links to a vote for different video contests so that I can
measure the hints.
Good to notice: this message has generated about 300 votes in the
first 15 minutes, making it the second score behind "divx" for now on.

Thank you, and sorry for inconveniences (if any) !

On Fri, Mar 23, 2012 at 1:59 PM, adam <adam () papsy net
<mailto:adam () papsy net>> wrote:

    That's pretty clever. But it doesn't work when people have tinyURL
    previews enabled.

    URL:
    http://www.dailymotion.com/ajax/contest?*ajax_function=vote*&ajax_arg[]=41941248&ajax_arg[]=2223
    <http://www.dailymotion.com/ajax/contest?ajax_function=vote&ajax_arg[]=41941248&ajax_arg[]=2223>


    Response:
    +:{"message":"Thank you","status":1}

    On Fri, Mar 23, 2012 at 7:14 AM, john doe <ninjaobsessed () gmail com
    <mailto:ninjaobsessed () gmail com>> wrote:

        Advisory Disclosure MD5: e29e5501dc2ca4d5fc06855762b14393
        Abstract <http://tinyurl.com/8xq2xcq>

        Regards,
        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.grok.org.uk/full-disclosure-charter.html
        Hosted and sponsored by Secunia - http://secunia.com/





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBT2z6frIvn8UFHWSmAQJ45Qf+Kgdx07L8TESYQ5LraMuTx33b7dYhlDYU
ziBk//dhM9mO0SSOGgUbZWQZTeUXwI+213Njf6xQQ9urr7VfNzJ/FXCCyH7FicKI
xMkI/0p/8ZELdx0bsGxr0Jy/sWTnQT1pQvBPXRKX44jVg9TkDy9YxBVxdkzBaput
oAzSuFNnEbDNEgvS1mxwimjzOAtvYdisCMOuTyS2nptPHNOJ0QuhMQ0WsfbwUhLr
b2/zPETVsH0NVR1jIS+qMzSFfDhSGJQc5H+phkKQ4FbTVsdJvVnMlgUhOHbdYO8T
glPR6P+vey8BUBbtGaRtIx2qNZhx1HwkMODXI6FQHRjHAPXrJcDsBw==
=v9iB
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Apple IOS security issue pre-advisory record john doe (Mar 23)
- Re: Apple IOS security issue pre-advisory record adam (Mar 23)
  - Re: Apple IOS security issue pre-advisory record john doe (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Gary Baribault (Mar 23)
    - Re: Apple IOS security issue pre-advisory record adam (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Michal Zalewski (Mar 23)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record rackow (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Valdis . Kletnieks (Mar 24)
    - Re: Apple IOS security issue pre-advisory record Dave (Mar 24)
    - Re: Apple IOS security issue pre-advisory record IA64 LOL (Mar 26)

(Thread continues...)